FCC Adopts Updated Data Breach Notification Rules

pOn December 13 2023 the Federal Communications Commission FCC voted to update its 16year old data breach notification rules the Rules Pursuant to the FCC update providers of telecommunications Voice over Internet Protocol VoIP and telecommunications relay services TRS are now required to notify the FCC of a data breach in addition to existing obligations to notify affected customers the FBI and the US Secret ServiceppppThe updated Rules introduce a new customer notification timing requirement requiring notice of a data breach to affected customers without unreasonable delay after notification to the FCC and law enforcement agencies and in no case more than 30 days after the reasonable determination of a breach The new Rules also expand the definition of breach to include inadvertent access use or disclosure of customer information except in those cases where such information is acquired in good faith by an employee or agent of a carrier or TRS provider and such information is not used improperly or further disclosed The updated Rules further introduce a harm threshold whereby customer notification is not required if a carrier or TRS provider can reasonably determine that no harm to customers is reasonably likely to occur as a result of the breach or where the breach solely involves encrypted data and the encryption key was not affectedppCookie Settingsp